trufflesecurity / trufflehog

Find, verify, and analyze leaked credentials
https://trufflesecurity.com
GNU Affero General Public License v3.0
15.87k stars 1.66k forks

Apply custom-detectors to specific file types (via inclusion or exclusion) #3302

Open mtcolman opened 3 weeks ago

mtcolman commented 3 weeks ago

Please review the Community Note before submitting

Description

Is it possible to apply regex detectors to specific filetypes? The main use case I have for this is that some filetypes specify password/secret strings without quotes around them, whilst in other filetypes this would be a parameter and thus safe for inclusion.

Preferred Solution

If we could specify in the config.yaml:

detectors:
- name: custom password detector
  keywords:
  - username
  - password
  - token
  regex:
    adjective: "[a-zA-Z0-9]{32}"
  exclude_types: [".py", ".txt", ".example"]

Additional Context

So that I could define many detectors and for each individually specify whether to apply this to certain file types. Then I can run this against an entire directory. I don't want to exclude the files from a scan, I just want to exclude them from specific detectors.

References

N/A

Thanks!
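
The per-detector exclusion requested above, as an added Python example that is not part of the original issue and is not TruffleHog code. `exclude_types` is the key proposed in the issue (not an existing option); the second detector, the file names and the secret values are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Detector definitions mirroring the YAML in the issue. `exclude_types` is the
# proposed (hypothetical) key; it is not an existing TruffleHog option.
DETECTORS = [
    {
        "name": "custom password detector",
        "keywords": ["username", "password", "token"],
        "regex": {"adjective": r"[a-zA-Z0-9]{32}"},
        "exclude_types": [".py", ".txt", ".example"],
    },
    {   # constructed second detector with no exclusions
        "name": "private key header",
        "keywords": ["private key"],
        "regex": {"header": r"-----BEGIN [A-Z ]*PRIVATE KEY-----"},
    },
]

def detector_applies(detector, path):
    """False when the file name ends with one of the detector's excluded types."""
    name = PurePosixPath(path).name.lower()
    return not any(name.endswith(ext.lower()) for ext in detector.get("exclude_types", []))

def scan(files, detectors=DETECTORS):
    """files: {path: text}. Returns sorted (path, detector name, regex name, match)."""
    findings = []
    for path, text in files.items():
        lowered = text.lower()
        for det in detectors:
            if not detector_applies(det, path):
                continue  # skip this detector only; other detectors still see the file
            if not any(kw in lowered for kw in det["keywords"]):
                continue  # keyword pre-filter before running the regexes
            for rx_name, pattern in det["regex"].items():
                for m in re.finditer(pattern, text):
                    findings.append((path, det["name"], rx_name, m.group(0)))
    return sorted(findings)

# Constructed sample input (fake values).
SAMPLE = {
    "deploy/app.conf": "password = " + "A1b2C3d4" * 4 + "\n",
    "src/client.py": "def login(token=" + "x" * 32 + "): ...\n-----BEGIN RSA PRIVATE KEY-----\n",
    "env.example": "token=" + "0" * 32 + "\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

`src/client.py` is skipped by the password detector but still reported by the detector that has no exclusions, which is the behaviour the issue asks for: the file stays in the scan and only one detector ignores it.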

rgmz commented 3 weeks ago

Being able to exclude detectors from specific files is a useful capability. I hope the team can add it.

I created a POC in #1741, though it wouldn't work for custom detectors.